[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS secure connection to an LDAP server

To: openldap-software@OpenLDAP.org, secureshell@securityfocus.com, gary_tay@platts.com
Subject: TLS secure connection to an LDAP server
From: fatima riadi <ftmriadi@yahoo.fr>
Date: Wed, 23 Mar 2005 13:26:34 +0100 (CET)

Hi there,

I am trying to secure connections to my ldap server by
using TLS.
I created a certificate for my server. The certicate
verification was OK (openssl verify -CAfile
/path/to/ca.pem /path/to/my_ldap_srv_certificate).
On my slapd.conf file I set TLSCACertificateFile,
TLSCertificate and TLSCertificateKeyFile paths.
I ran my server on the two default ports 389 (ldap)
and 636 (ldaps) using this command: 'slapd -d127 -h
"ldap:/// ldaps:///'.
Once checking the SSL conection (by running the
command: 'openssl s_client -connect localhost:636
-showcerts -state -CAfile /path/to/ca.pem'), I get the
following output:
  
  CONNECTED(00000003)
  SSL_connect:before/connect initialization
  SSL_connect:SSLv2/v3 write client hello A
  SSL3 alert read:fatal:handshake failure
  SSL_connect:error in SSLv2/v3 read server hello A
  2338:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:470:

My server's debug output shows:

  TLS trace: SSL3 alert write:fatal:handshake failure
  TLS trace: SSL_accept:error in SSLv3 read client
hello B
  TLS trace: SSL_accept:error in SSLv3 read client
hello B
  TLS: can't accept.
  TLS: error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher
s3_srvr.c:882
  connection_read(8): TLS accept error error=-1 id=0,
closing
  connection_closing: readying conn=0 sd=8 for close
  connection_close: conn=0 sd=8
  daemon: removing 8
  daemon: select: listen=6 active_threads=0 tvp=NULL
  daemon: select: listen=7 active_threads=0 tvp=NULL
  daemon: activity on 1 descriptors
  daemon: select: listen=6 active_threads=0 tvp=NULL
  daemon: select: listen=7 active_threads=0 tvp=NULL


I can't guess what could be the error. Do you please
have any suggestion?

I am using OpenSSH_3.5p1 with OpenLDAP 2.1.22 on a Red
Hat box.

Thank you in advance!


	

	
		
__________________________________________________________________
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/

Follow-Ups:
- Re: TLS secure connection to an LDAP server
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: TLS secure connection to an LDAP server
  - From: François Beretti <francois.beretti@enatel.com>

Prev by Date: Re: slapd: Too many open files
Next by Date: Re: using syncrepl for master slave relationship not working
Index(es):
- Chronological
- Thread